Earlier this month, the Wall Street Journal published a blog, “CIOs Name Their Top 5 Strategic Priorities,” which collected the recommendations from a variety of technical leaders at a CIO Network event. Author Steven Norton notes: While proposals ran the gamut, consensus seemed to form around two major themes: cybersecurity, and delivering change through effective […]

As February comes to a close we have already seen critical patches from Adobe and Microsoft. Even more concerning, Microsoft has not yet patched a recently disclosed Internet Explorer zero-day. For better or worse, Google’s “Project Zero” is putting the pressure on vendors like Microsoft to patch reported vulnerabilities in 90 days before public disclosure, […]

At last week’s Cyber Security Summit at Stanford, President Obama sought to reset his administration’s relationship with a tech community alienated by an endless stream of disclosures of the government’s penetration of technology companies to achieve its surveillance goals. He appealed for both sides to unite to build an “Internet Cathedral” that will protect our online […]

In January 2015, Bromium conducted a survey of more than 100 information security professionals, focused on the greatest challenges and risks facing their organizations today. The results indicate that end users continue to remain the greatest security risk, thanks to their tendency to click on suspicious and malicious e-mail and URLs. Bromium published similar research in June 2014, which determined […]

Introduction CVE-2014-9322 is described as follows: arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. It was fixed on […]